Code signing is required in iOS. On Mac OS X 10.7 and later, it enables programs downloaded from the Internet to be opened without any warnings (if they are signed with an Apple-issued certificate) and it is required there for using certain functionality (e.g. APIs used by debuggers; note that in this case a self-signed certificate that is marked as "trusted" suffices).

This functionality is performed by Apple's Gatekeeper software. The user may entirely disable Gatekeeper in System Preferences, but the default settings only allow launching applications that have a code signature or come from the Mac App Store.

If your app was successfully signed this command will return the path to your executable and your identifier key.

Verify your signature:

codesign -vvvv <path>

If your app was successfully signed this command will return the strings "valid on disk" and "satisfies its Designated Requirement", respectively, after the path to your application.

<signature> denotes the 10-digit alphanumeric key of your developer ID. <path> is the path to your program on your Mac's filesystem. <BundleIdentifier> is an unambiguous URI of your executable, e.g. com.my_company.my_application.

Running an app inside a sandbox in Mac OS X

Every app released in the App Store must be code-signed and run in the sandbox. It is therefore useful to test whether your application works correctly inside the sandbox before submitting it to the App Store.

To make sure that your app is really running inside the sandbox, one useful trick is to create a button which performs a disallowed operation, such as creating a file. The code below is an example of how to do this. Remember to substitute an actual username in <<USERNAME>>.
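The probe button described above, written as an added example (it is not the code from the original page). It assumes a Lazarus LCL project; the names SandboxProbe, TProbeForm, ProbeClick and ProbePath and the file name sandbox_probe.txt are hypothetical.

```pascal
program SandboxProbe;
{$mode objfpc}{$H+}

uses
  Interfaces, Classes, SysUtils, Forms, StdCtrls, Dialogs;

const
  // Assumed probe target outside the app container; substitute <<USERNAME>>.
  ProbePath = '/Users/<<USERNAME>>/sandbox_probe.txt';

type
  // Hypothetical form built entirely in code, so no .lfm resource is needed.
  TProbeForm = class(TForm)
  public
    constructor Create(AOwner: TComponent); override;
    procedure ProbeClick(Sender: TObject);
  end;

constructor TProbeForm.Create(AOwner: TComponent);
var
  Btn: TButton;
begin
  inherited CreateNew(AOwner);  // skip resource loading
  Btn := TButton.Create(Self);
  Btn.Parent := Self;
  Btn.Caption := 'Try disallowed write';
  Btn.OnClick := @ProbeClick;
end;

procedure TProbeForm.ProbeClick(Sender: TObject);
var
  F: TFileStream;
begin
  try
    F := TFileStream.Create(ProbePath, fmCreate);  // raises EFCreateError on failure
    F.Free;
    DeleteFile(ProbePath);  // remove the test file again
    ShowMessage('File created: the app is NOT running in the sandbox.');
  except
    on E: EStreamError do
      ShowMessage('File creation was blocked: ' + E.Message);
  end;
end;

var
  ProbeForm: TProbeForm;
begin
  Application.Initialize;
  Application.CreateForm(TProbeForm, ProbeForm);
  Application.Run;
end.
```

If <<USERNAME>> is left unsubstituted, the create call also fails because the directory does not exist, so a blocked write only proves the sandbox is active once the path points at a real home directory.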

Now make sure that the application bundle does not use a symlink, which is actually the default for apps created in Lazarus. This is necessary because code-signing will fail otherwise. Then code-sign your application. The example below shows how to code-sign with a debug key for testing:

This is a success! The sandbox blocked the invalid operation. Now you can remove the button and test your application. You are sure that your application is running in the sandbox because it blocked the file write operation. If no other operations from your application are blocked, it passed the test, which is a very good sign that it complies with the App Store rules. If other operations are blocked, you will need to either add permissions for these operations in your plist file, or redesign or remove some features, or maybe even give up on the App Store if your application cannot work properly under the sandbox rules.